KiloEx, Supported by Binance Wallet and YZi Labs, Falls Victim to a $7 Million Security Breach
Hackers Drain $7 Million from KiloEx Using Tornado Cash
Cyvers analysts report that the attacker used a Tornado Cash-funded address to execute a series of coordinated transactions. It exploited potential access control flaws in KiloEx’s price oracle system.
On-chain evidence shows rapid fund movements between multiple chains. This raises concerns over systemic vulnerabilities in multi-chain DeFi architecture.
KiloEx launched its Token Generation Event (TGE) on March 27 in partnership with Binance Wallet and PancakeSwap. It’s currently listed on Binance Alpha.
“Root cause was a potential price oracle access control vulnerability. The attacker is still actively exploiting the system, and USDC may be subject to blacklisting,” wrote Cyvers.
The project was incubated by YZi Labs, an investment and innovation division previously branded as Binance Labs.
The launch attracted significant attention due to its backing and integration with BNB Smart Chain.
Following the attack, KiloEx has suspended its platform and is collaborating with security partners to investigate the breach and track stolen funds.
The team has announced plans to launch a bounty program to encourage white hat assistance and recover user assets.
Update on the KiloEx Vault Exploit
We are actively collaborating with BNB Chain, Manta Network, and leading blockchain security partners—including Seal-911, SlowMist, and Sherlock—to investigate the recent KiloEx Vault exploit and trace the stolen assets.
Our joint…
The incident has triggered sharp market reactions. The KILO token plummeted by 30%, with its market capitalization dropping from $11 million to $7.5 million within hours of the attack.
Security teams are actively monitoring the attacker’s wallet addresses. The situation remains fluid as remediation efforts continue and the vulnerability is further assessed.
